code of business conduct and ethics reviewed

Sensitivity: Internal

Code of Business Conduct and Ethics (COBE)

February 2020


Contents Message from Management ...................................................................................................................... 5

1 Scope..................................................................................................................................................... 6

2 COBE: General Principles ................................................................................................................... 7

2.1 General Employee Responsibilities ................................................................................................. 7

2.2 What Managers Need to Know........................................................................................................ 7

2.3 Assistance ....................................................................................................................................... 7

3 Evalueserve’s Commitment ................................................................................................................ 8

3.1 Equal Employment Opportunity ....................................................................................................... 8

3.2 Freedom from Workplace Harassment ........................................................................................... 8

3.3 Provision of Workplace Freedom .................................................................................................... 8

3.4 Employee Ethics .............................................................................................................................. 9

3.5 Employee Privacy ............................................................................................................................ 9

4 Evalueserve’s Commitment Toward Data Protection Regulations ............................................... 10

4.1 Compliance with Data Protection Laws ......................................................................................... 10

4.2 Evalueserve’s Rights and Obligations ........................................................................................... 10

4.3 Evalueserve’s Responsibilities and Commitments as Data Controller and Data Processor......... 11

4.4 Protection of Children’s Personal Data ......................................................................................... 11

4.5 Appointment of Data Protection Officer (DPO) .............................................................................. 11

4.6 Privacy Impact Assessment .......................................................................................................... 12

4.7 Data Protection Audits ................................................................................................................... 12

4.8 Personal Data Breach Notification ................................................................................................ 12

5 Employees’ Rights in Connection with Data Protection at Evalueserve ..................................... 13

5.1 Right to be Informed ...................................................................................................................... 13

5.2 Right to Access, Rectify, Erase, and Freeze ................................................................................. 13

5.3 Right to Object to Data Processing ............................................................................................... 13

5.4 Right to Object to Data Sharing ..................................................................................................... 13

5.5 Right to Lodge Complaint and Obtain Redressal .......................................................................... 13

5.6 Right to Withdraw Consent ............................................................................................................ 13

6 Employees’ Conduct .......................................................................................................................... 14

6.1 Alcohol, Substance Abuse, and Other Prohibitions....................................................................... 14

6.2 Protection of Evalueserve Assets .................................................................................................. 14

6.3 Authority to Make Business Commitments .................................................................................... 15

6.4 Conflict of Interest .......................................................................................................................... 15

7 Financial Controls, Records, and Auditing ..................................................................................... 17

8 Commitment to Society ..................................................................................................................... 18


8.1 Environment, Health, and Safety ................................................................................................... 18

8.2 Corporate Social Responsibility (CSR) ......................................................................................... 18

9 Reporting Violation of Code ............................................................................................................. 19

10 Acknowledgment of Receipt of Code of Business Conduct ......................................................... 20

Evalueserve Disclaimer ........................................................................................................................... 21

4 © Evalueserve. All rights reserved. evalueserve.com Sensitivity: Internal

Document Details

Title: Code of Business Conduct and Ethics

Version: 2.6

Classification: Public

Creation Date: October 2009

Last review Date: February 2020

Description: Annual Review

Author: Evalueserve Compliance Team

Reviewed By: Group Manager, Compliance

Approved By: Deepak Batra, Data Protection Officer

Custodian: Evalueserve Compliance Team

Version History

Version Date Comments

Version 2.4 January 2018 Incorporation of updated data protection regulations

Version 2.5 March 2019 Incorporation of new right under Employees’ rights – Right to withdraw consent

Version 2.6 February 2020 Incorporation of provision relating to workplace freedom and change in the Management Speech


Message from Management Dear colleagues, Evalueserve, ever since its inception in 2000, has been upholding the highest standards of governance and creating value for all stakeholders. Governance entails accountability of the management, and a proactive approach toward meeting governmental, regulatory, and statutory directives. We maintain high ethical standards in order to sustain our brand value, based not only on service quality but also ethical, moral, and legal standards. Evalueserve and its Board of Directors is committed to honoring its commitment to all stakeholders, including clients, employees, and shareholders. We work to ensure transparency by adopting fairness, honesty, and integrity, thereby accelerating our company’s overall growth and long-term value for stakeholders. We are also an equal opportunity organization that offers a level playing field for all employees and stakeholders. Evalueserve has adopted the Code of Business Conduct and Ethics (COBE / Code) to ensure that each Evalueserve employee fully understands what the company expects from them, with respect to personal integrity and ethical behavior. While every employees has to comply with COBE, managers have the additional obligation of serving as role models by displaying exemplary conduct. They are also responsible for guiding their team members. Evalueserve launched the Diversity and Inclusion initiative in January 2019, with a focus on promoting diversity at the workplace. We strive for excellence in capital and operational efficiency to expand our global footprints and become a leader in the industry. Nand Gangwani CFO & COO


1 Scope Code of Business Conduct and Ethics (COBE / Code) provides ethical guidelines for conducting business on behalf of Evalueserve, including its subsidiaries and affiliates. COBE applies to all employees (Employees), agents, franchises, client executives, brokers, sub-contractors, consultants, and representatives (Representatives) working across all Evalueserve locations. Evalueserve sets standards for integrity in everything we do. We demand this of ourselves, just as others – such as our shareholders and customers – expect this from us. We require all our Employees and Representatives globally to perform their duties diligently and in compliance with this Code along with other policies that are in place at Evalueserve. The main purpose of COBE is to:

1. Encourage and promote the work culture of honesty, integrity, and mutual respect 2. Establish a mechanism to resolve various ethical issues within the organization

Standards With this Code, Evalueserve sets standards of Business Conduct and Ethics that should be followed by all our Employees and Representatives across the globe. At Evalueserve,

• We prohibit harassment, bullying, and discrimination

• We are committed to uphold and protect human rights

• We do not engage in corrupt practices

• We uphold and maintain our commitment to integrity at the workplace

• We ensure employee satisfaction and productivity

• We protect the environment, strengthen communities, and propel responsible growth

• We maintain safe working environment

• We protect and manage personal information of our employees

• We treat others with respect and dignity, encourage diversity and diverse opinions, promote equal opportunity for all, and help create an inclusive and ethical culture

• We ensure compliance with principles, regulatory laws and their requirements, including but not limited to employment, discrimination, health, and safety. We also ensure to abide by the regulatory requirements as set out by various data protection laws from time to time

• We reduce the risk of data transfer within the group and to third parties, and proactively maintain vigilant operational and technical security processes


2 COBE: General Principles

COBE sets forth legal and ethical standards and provides an overview of Evalueserve’s guiding principles. The code is not intended to be all inclusive and does not cover every conceivable situation an Employee or a Representative may encounter. For that, we are highly reliant on the judgment and discretion of individual Employees or Representatives; it is for them to decide what is right, including a decision to obtain guidance from others on the appropriate course of conduct. COBE is a dynamic document that will evolve over time as we continue to apply best practices and principles to the complex and diversified issues / situations related to business conduct and ethics. However, as we change, refine, and adapt our best practices, the organization’s commitment to integrity and honesty will always remain consistent.

2.1 General Employee Responsibilities

All Employees at Evalueserve are expected to do the following:

• Understand the importance of Evalueserve policy(ies) and / or guideline(s) in relation to his / her job and follow them diligently and consistently

• Be conversant with the information contained in the Code and about their compliance obligations at Evalueserve and ensure that they fulfil such compliance obligations within the stipulated timelines

• Complete all their compliance requirements within the agreed timelines and keep themselves abreast with the current standards and expectations; use good judgment and demonstrate a high degree of personal integrity and honesty at all times, even in situations that are not specifically addressed by COBE or by an Evalueserve policy

• Be aware of the fact that any violation of Evalueserve policy(ies) and / or guideline(s) will result in disciplinary action against such employee (including but without limiting to immediate termination of employment)

• Apprise themselves with the latest applicable data protection laws / regulations to ensure data privacy compliance and safeguard their personal data

2.2 What Managers Need to Know In most cases, an Evalueserve manager will be the first point of contact for the Employee who believes that an Evalueserve policy has been violated. Thus, managers play a vital role in ensuring compliance with COBE, Evalueserve policies and guidelines, and applicable laws and regulations. The managers must:

• Be familiar with Evalueserve’s policies and guidelines, so that they can train team members on policies related to their jobs, create awareness on the practices prevalent at Evalueserve, and attend to Employees’ expectations with respect to such policies

• Be perceptive to potential problems or compliance issues that could arise in their area of responsibility

• Cooperate and facilitate audit and investigation and never modify and destroy any evidences if any investigation is anticipated

• Be proactive in responding to potential issues revolving around their work areas and should ensure timely reporting of such concerns, so that prompt and corrective actions can be taken at the right time, where the situation so warrants

2.3 Assistance

If an Employee / Representative intends to seek any further information / clarity about any Evalueserve policy(ies), he / she may connect with:

1. His / her manager 2. Human Resource (HR) department 3. Compliance department

Employee must promptly report concerns about violation of any laws, regulations, or the COBE to their manager, HR department, or Compliance team. In case you need to report any concern / non-compliance / incident and want to keep your identity anonymous, you may contact the Whistleblower Committee (refer to Evalueserve Whistleblower Policy for more information).


3 Evalueserve’s Commitment

3.1 Equal Employment Opportunity Evalueserve is committed to providing equal employment opportunities to all new applicants and Employees. Individuals, at Evalueserve, will be hired and promoted on the basis of their qualification, performance, and abilities. Evalueserve’s employment practices will comply, in all respect, with applicable laws and regulations. The fundamentals of Evalueserve’s employment policy is as follows:

• Equal employment opportunity will be provided to all persons, regardless of their race, color, sex, religion, national origin, disability, veteran status, or any other category protected by the law.

• All conditions of employment, including but not limited to recruitment, promotion, compensation, benefits, transfers, layoffs, return from layoff, company-sponsored training, education, and social and recreational programs, will be dispensed with, if at so required, without regard to race, color, sex, religion, age, national origin, disability, veteran status, or any other category protected by the law.

The HR department and managers will ensure that all employee selection activities are carried out in line with the prescribed employee selection guidelines covered by the applicable laws.

3.2 Freedom from Workplace Harassment Workplace harassment, whether verbal, written, or physical, will not be tolerated at Evalueserve. Evalueserve is determined toward providing a workplace free from all types of discrimination and / or harassment. Workplace harassment is defined as offensive and / or unwelcome behavior and / or conduct toward an individual based on diverse human characteristics and / or cultural background (such as age, race, gender, national origin, disability, religion, or any other diverse human characteristic) that substantially interferes with an individual’s employment or creates an intimidating, hostile, or offensive work environment for that individual. Workplace harassment does not refer to performance-based discussions or other appropriate business-related conversations. Some examples of workplace harassment are “continued or repeated verbal abuse; comments and jokes about ethnic background, race, religion, physical characteristics, and racial or ethnic stereotypes; and graphic or degrading comments about an employee’s appearance.” Sexual harassment is a specific form of workplace harassment. Evalueserve will take strict disciplinary action against those who harass Employees or Representatives (refer to Evalueserve Prevention of Sexual Harassment at Workplace Policy for more information).

3.3 Provision of Workplace Freedom

We, at Evalueserve, are dedicated toward ensuring that there is no modern slavery or child labor in any part of our business or supply chain and also ensure to conduct our business in an ethical and honest manner. Evalueserve restricts the use of forced labor, child labor, servitude, human trafficking, and forced & bonded labor within its supply chain according to the local laws and regulations. In accordance with our corporate ethical practices, we condemn the use of forced labor, child labor, servitude, human trafficking, forced & bonded labor, or any other form of involuntary labor and strictly say “no to such practices” as prescribed and governed by the local laws and regulations. Evalueserve has zero tolerance toward factors that independently or in combination may increase the risk of such practices in the employment cycle, for example, physical abuse and humiliating discipline. We strive toward deploying appropriate measures for tackling modern slavery at workplace. We have adopted procedures such as Whistleblowing mechanism to enable and encourage employees to raise


incidents for unfair treatment / misconduct or wrongdoing at the workplace. Evalueserve has a Whistleblower policy, which is posted on iKnow portal under the Compliance tab and is accessible to all employees.

3.4 Employee Ethics Employees and Representatives at Evalueserve are expected to abide by the ethical practices while rendering services or while undertaking any task for and on behalf of Evalueserve. Employee ethics refer to a set of moral values and principles that are expected out of the Employees to be followed in a business environment while working in that business environment. These set of norms, values, and ethical and unethical practices are the principles that guide an Employee on how they should work within the organization. We, at Evalueserve, believe that employee ethics plays a crucial role in harmonizing stakeholder relationship. Therefore, it is expected out of the Employees at Evalueserve to observe employee ethics in whatever task they undertake. Employees and Representatives should have a clear understanding of what is a correct practice and what should be done to adopt the correct practice and what should be avoided.

3.5 Employee Privacy

Evalueserve respects the privacy and integrity of its Employees’ personal information. Evalueserve and its authorized entities / individuals collect and maintain personal information such as employment, medical, educational, family, travel, financial data, and other personal history about Employees. Evalueserve will maintain the confidentiality of such information about its former and existing Employees; access to such information will be restricted to people who need to know that information. Employees who have access to personal information have the added responsibility of ensuring the confidentiality of all such information. The disclosure of such information is only to be made in accordance with Evalueserve policies, and where there is a genuine business or legal requirement to do so. Personal information of Employees is secured with high degree of controls, including technical and organizational security measures.

However, the above privacy protection does not apply to an Employee’s own personal information stored by self on Evalueserve equipment or in office files. Evalueserve also has the right to monitor Employees’ use of his / her equipment and systems – telephones, emails, internet, computers, fax machines, etc. This applies to all Evalueserve-owned equipment at the workplace and at other locations. Evalueserve understand its responsibility to apprise and acquaint all individuals working for Evalueserve anywhere in the world and at all levels and grades, including but not limited to officers, directors, employees, consultants, or any other persons associated with Evalueserve or any of its subsidiaries or their employees with the latest data protection legislation(s). Proper awareness sessions and training programs on data privacy / protection are conducted from time to time to keep the Employees abreast of relevant legislative updates on the processing of personal information.


4 Evalueserve’s Commitment Toward Data Protection Regulations

4.1 Compliance with Data Protection Laws Evalueserve is committed to comply with the data protection laws and regulations prevailing across the globe. Everyone working in and / or working for Evalueserve is committed to abide by the applicable data protection laws and regulations. In view of the above, Evalueserve ensures that:

• Proper procedures for the processing and management of personal information are in place

• Data collectors within the organization have specific knowledge about the statutory requirements flowing from the data protection legislation(s) and the prescribed compliance obligations to adhered to

• A supportive environment is in place and personal information processing best practices are adopted

• Employees understand the process of managing personal information and the responsibilities connected therewith

• Personal information is processed in accordance with data protection principles to keep the data secure and safe from unauthorized access, alteration, use, or loss

• Other organizations with whom personal information needs to be shared or transferred meet the compliance requirements

4.2 Evalueserve’s Rights and Obligations Evalueserve reserves the right to collect, process, store, transfer, and retain the personal information of Employees in the following manner: Procurement: Evalueserve collects Employees’ personal information at the time of joining and during their employment with the organization. The information includes personally identifiable information (such as name, middle name, last name, email address, family data, educational data, financial data, employment data, and travel details) that Evalueserve collects for its legitimate business purposes. Processing: Evalueserve processes Employees’ personal information for the purpose of facilitating employment benefits (e.g., processing salaries, salary slips, appraisal letters, investment declaration, tax deduction benefits, health & insurance benefits, and other payroll activities) and for other administrative purposes. The data is processed in accordance with the terms agreed under the employment contract or informed during employment and as required by the law. Monitoring: Evalueserve reserves the right to monitor email communications of its Employees, their internet usage, telephone calls, and security checks within the organization to ensure compliance with applicable data protection laws. Sharing / Transfer: Employees’ personal information will be shared with Evalueserve entities and / or with third parties having contractual relationships with Evalueserve for the purpose of providing employment benefits, performing background checks, and other administrative activities. Retention of records: Evalueserve will retain the personal information of Employees during their employment and after the cessation of the employment contract for a defined period as per applicable laws of the jurisdictions where Evalueserve entities are located.


4.3 Evalueserve’s Responsibilities and Commitments as Data Controller and Data Processor

• Fair and transparent data processing: Evalueserve has set out rules for handling and processing personal information in accordance with data protection laws. Employees’ personal information will be processed for specified explicit and legitimate business purpose and may not be processed further in a way inconsistent with the law. Employees’ personal information will be processed lawfully, fairly, and in a transparent manner such that it is not prejudicial to the interests of the Employee.

• Purpose of processing: Evalueserve understands and accepts its obligation to ensure that personal information is collected for specified, explicit, and legitimate purposes and that the information is not further processed in a manner inconsistent with the defined purposes. Every reasonable step must be taken to ensure that any inaccurate personal information, with regard to the purposes for which it is processed, is erased or rectified without delay. Evalueserve collects minimum personal information from Employees for facilitating employment-related benefits.

• Storage of personal information: Evalueserve keeps personal information in a form that permits identification of Employees for a period no longer than is necessary for the purposes for which the personal information is processed, subject to the terms of the contract entered into with Employees or as per the applicable law.

• Security of personal information: Evalueserve processes personal information in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

• Evalueserve has adopted the required possible technical, organizational, and administrative security measures to ensure that the data is kept secured and is not disclosed – whether electronically, verbally, or in writing – to any unauthorized person, taking into account the type of information, the risk of breach associated, and the harm that may result from such a breach.

• For information about the technical measures adopted to safeguard Employees’ personal information, please refer to Evalueserve’s “Data Protection Policy”.

• Communication with Employees: Evalueserve apprises all Employees and acquaints them with the intended use of their personal information. Evalueserve ensures that Employees are informed and made aware of the following details with the help of employment contract, policies, handbooks, etc.: – The identity and contact details of the controller or its representative – The contact details of the data protection officer (DPO) – The purpose of processing such personal information – The legal basis for such processing – Where the processing is based on a legitimate interest, details must be provided – The recipients or categories of recipients of the personal information – Details of third country transfer (if any) – Retention of personal information – Information about notification of breach / violation of data protection laws

4.4 Protection of Children’s Personal Data

Evalueserve ensures that where services are offered directly to a child, the consent of their guardian will be procured. In addition, a privacy notice is written in a clear, plain manner, to the extent possible, such that it does not entail in any hardship on the part of the child to understand the content of such notice.

4.5 Appointment of Data Protection Officer (DPO)

Evalueserve has appointed a DPO, who shall act as the central person in advising the Company on compliance with the General Data Protection Regulation (GDPR). Details of the DPO are available on the


Evalueserve website. The DPO is responsible for overseeing that the data protection strategy adopted at Evalueserve is in compliance with the statutory requirements as prescribed under the GDPR and other applicable data protection laws. As an integral part of the above activity, the DPO at Evalueserve also oversees data privacy / protection policies to ensure that the same have been operationalized across all Evalueserve centers. With the responsibility and the authority vested on the DPO under the GDPR, the DPO is also the contact person for supervisory authorities (SAs) for communication and notification of personal data breaches, audit reports, results of privacy impact assessments, etc.

4.6 Privacy Impact Assessment All high-risk processes at Evalueserve are subject to a privacy impact assessment, which is conducted within the organization, group entities, etc., to identify and reduce risks.

4.7 Data Protection Audits

Evalueserve’s audit program ensures adherence to all aspects of applicable data protection laws:

• ISO 27001 internal audits: Evalueserve conducts regular internal audits across the organization as well as in specific departments to ensure physical, logical, and information security standards are being followed at Evalueserve in line with the ISO27001:2013 standards.

• External audits: Evalueserve undergoes external audits on an annual basis, as a part of its compliances in continuation to ISO 27001 certification requirements. In addition, a third-party vendor conducts an annual Vulnerability Assessment Penetration Testing (VAPT) of the organization’s critical servers, application, and IT infrastructure to identify and patch any weaknesses or vulnerabilities detected during the testing procedures.

• Data protection audit and compliance verification: Evalueserve conducts internal audits periodically or whenever required by law. Evalueserve agrees to provide data protection authorities the right to conduct external audit upon their request to verify compliance with applicable data protection legislation(s).

4.8 Personal Data Breach Notification

A personal data breach refers to a security breach that leads to loss, alteration, unauthorized disclosure, or access to personal data. Any breach of data protection laws will be considered as an offence and shall attract penal provision as stipulated under law. Any violation of these laws / suspected breach should be reported to the DPO via email at ([email protected]) or through the incident reporting mechanism available on iKnow.

mailto:[email protected]


5 Employees’ Rights in Connection with Data Protection at Evalueserve

With regard to applicable data protection laws, data subjects are entitled to the below-mentioned rights at Evalueserve:

5.1 Right to be Informed

Employees whose personal information is obtained, processed, stored, and shared are entitled to know that Evalueserve holds their personal information, as well as the purpose for which such information will be processed.

5.2 Right to Access, Rectify, Erase, and Freeze

Employees at Evalueserve, besides having the right to access their personal information held by Evalueserve, also have the right to ask Evalueserve to “delete, freeze, or correct” such data. Employees have the right to get their personal information deleted when it is no longer necessary to be processed or when it has been unlawfully processed. The Employees also have the right to get the data held by Evalueserve frozen, thus preventing Evalueserve from further processing their data, where the Employees are of the opinion that the processing is unlawful or contest the accuracy of the data.

5.3 Right to Object to Data Processing

Employees have the right to object to / restrict the processing of their personal information, including profiling of personal information for any purpose considered to be illicit or about which they have not been informed at the time the information was collected from them. Evalueserve, however, reserves the right to reject such requests if they affect Evalueserve’s business purposes. In addition, employees should note that the request raised for objecting / restricting the processing will, in no manner, obstruct the day-to-day business activities or disrupt the disciplinary procedures at Evalueserve.

5.4 Right to Object to Data Sharing

Employees have the right to object to the sharing of their personal information with cross-border Evalueserve entities or a third party having contractual relationships with Evalueserve for any purpose not defined or consented to by the Employees. Employees can obtain their information when required or provide it to a third party, or they can ask Evalueserve to transfer it to a third party.

5.5 Right to Lodge Complaint and Obtain Redressal

Violation of data protection laws should be reported to the Company’s DPO (Deepak Batra) via email ([email protected]) or through the incident reporting mechanism available on iKnow. Employees have the right to lodge a complaint in case of any breach of data protection laws and claim compensation if they suffer as a result of the breach.

5.6 Right to Withdraw Consent

Employees have the right to withdraw the consent they had provided to Evalueserve at any time. However, the withdrawal of such consent should not affect the lawfulness of processing the data based on consent before its withdrawal. Prior to giving consent, the data subject should be informed thereof. Evalueserve has an obligation to notify the DPO about any such request for withdrawal of consent. The Data Protection team, under the supervision of the DPO, will evaluate the request within a reasonable time.



6 Employees’ Conduct

6.1 Alcohol, Substance Abuse, and Other Prohibitions Evalueserve is determined to provide a workplace free from any type of alcohol and substance abuse. Evalueserve has a strict policy on substance abuse, which includes alcohol abuse and use of illegal drugs and controlled substances. Employees and Representatives are not permitted to report to work or conduct Evalueserve business on the Company premises or operate Company vehicles while under the influence of alcohol, drugs, and / or controlled substances. This also applies to any other work site or any other premises / location from where Employees are operating and/ or Representatives are assigned during work hours or are representing Evalueserve in a professional capacity. The consumption, purchase, sale, manufacture, trafficking, possession and / or distribution of illegal substances are against Evalueserve’s policy. Serving alcoholic beverages to clients, guests, or Employees at Evalueserve premises is strictly prohibited. The only exception to the above consumption of alcoholic beverages is at Evalueserve events, where such consumption has been specifically permitted. Even during such events, intoxication or excessive use or abuse of alcohol is prohibited; Evalueserve expects Employees to exercise propriety and ethical conduct at such events. To create a safe working environment, Evalueserve has zero-tolerance policy against workplace violence. Workplace violence includes any coercive and unethical activities that create an environment of fear and has the potential to create a risk to health, safety, and the wellbeing of Employees. Furthermore, Evalueserve strictly prohibits the possession of firearms or other weapons on Company premises.

6.2 Protection of Evalueserve Assets All Employees and Representatives should protect Evalueserve assets and ensure their efficient use. Theft, carelessness, and waste have a direct impact on our profitability. All Evalueserve assets are to be used for legitimate business purposes only. Any suspected incident of fraud, misuse, or theft should be immediately reported for investigation. Evalueserve assets should not be used for personal benefit. Physical assets: Evalueserve assets include physical assets, such as facilities, systems, equipment and materials, and corporate charge cards. All Employees must adhere to the following guidelines to judiciously use Evalueserve assets and protect them from loss, theft, or misuse:

• Use Evalueserve assets appropriately and protect them when not in use

• Not give or lend these assets to anyone without approval

• Display Evalueserve identification badge while on Evalueserve premises

• Use electronic access control cards that provide access to Evalueserve facilities and systems

• Not admit / allow access to unauthorized individuals into Evalueserve facilities

• Be aware of and understand Evalueserve’s security policies and procedures. Employees should also be alert and aware of situations or incidents that could lead to the loss, misuse, or theft of Company assets

• Notify the Administration Department immediately if any asset is lost, misused, or stolen

• Notify the Whistleblower Committee if one suspects any fraudulent activity

Computers and other information systems: Evalueserve maintains a wide spectrum of technology (including electronic communications technology) for legitimate business activities to be conducted by authorized individuals in support for its business needs. Evalueserve expects Employees to use all information assets, including computers, laptops, printers, fax machines, scanners, telephones, voicemail, and software, responsibly. Evalueserve’s connection to the internet and its intranet systems are solely for business purposes. Employees who misuse information systems may lose access privileges and, depending on the severity of the situation, may also be subject to strict disciplinary actions, including dismissal. The policy prohibits the following activities related to the use of Company assets:

1. Using the assets for any illegal activity, including pornography, pyramid schemes, gambling, and / or software piracy

2. Commercial or political use, such as running a personal business, and / or promoting a political candidate


3. Circulating chain email, emails of lewd nature, and / or virus hoaxes and / or actual viruses, or downloading unauthorized software or materials

4. Harassing and / or threatening communication, including defamatory, libelous, or slanderous comments

5. Intentional concealment or misrepresentation of one’s identity 6. Any form of pornography and / or offensive material, in tangible or intangible form 7. Use of systems in any other way that interferes with any Employee’s productivity and / or that of

others 8. “Hacking” or attempting to “hack” or obtain unauthorized access to any Evalueserve computer or

computer network 9. Copying, lending, reselling, or transferring software; installing personal software, or software that

is lewd or obnoxious in nature 10. Damaging, circumventing, and / or harming the security controls designed to protect Evalueserve

information systems or equipment Other general guidelines that an Employee must abide by are as follows:

1. Do not store sensitive client or personal information on Evalueserve computer 2. Promptly report any suspected violation and / or virus attack by raising an incident with the

Information Security team 3. Use licensed / legally authorized software – Software used at Evalueserve may be owned

by other companies and protected by copyright laws and / or license restrictions. Before acquiring or using any such software, Employees are required to contact the IT department and / or legal department to ensure that all third-party intellectual property (IP) rights related to such software are fully complied with. (Refer to Evalueserve End User Computing Policy for more information.)

Proprietary information: Proprietary Information is any information owned by and related to Evalueserve, such as information on Evalueserve’s databases; businesses; clients / customers; personnel details; medical and salary records; copyright protected materials; technical or scientific information relating to current and future products, services or research; business or marketing plans or projections; earnings, credit, and other financial data; and executive and organizational change, software, and other confidential information relating to the Company. All Evalueserve proprietary information is confidential in nature, unless specifically classified otherwise. This information may also be subject to copyright, patent, and other IP and legal laws. Evalueserve’s proprietary information is the result of ideas and hard work of many Employees and of substantial investment by the Company on planning, research, and development. This information, particularly Evalueserve’s confidential information, gives Evalueserve a competitive advantage in the marketplace. Evalueserve is prone to be adversely affected by unauthorized disclosures of its proprietary or confidential information to unauthorized recipients, or by the unauthorized use of such confidential information by any person who is strictly prohibited or restricted from having access to such information. Evalueserve’s proprietary information should be protected from unauthorized access at all times.

6.3 Authority to Make Business Commitments The authority to make business and / or financial commitments on behalf of Evalueserve has been clearly defined by way of clear delegation of authority. All Employees and Representatives are expected to work in accordance with such delegation of authority. Employees and Representatives should not make any oral or written commitments, arrangements, or promises of business that create a new agreement or modify an existing agreement with a third party without proper approval. Such commitments should be made by those having defined authority, and while acting within the limits of the said authority. Any and all forms of misrepresentation, fraud, dishonesty, and deception are to be avoided by Employees and Representatives.

6.4 Conflict of Interest Employees must avoid relationships that create a perceived or actual conflict between their obligation to Evalueserve and self-interest. An Employee’s financial, business, or other non-work-related activities must be lawful and free of conflict with the Employee’s responsibilities toward Evalueserve. Employees and Representatives must not, as a part of engaging in any outside activities, misuse Evalueserve resources, discredit its name and reputation, or affect its business in any way. Employees and Representatives should


not participate in any business or personal relationships, activities, or dealings that might adversely affect Evalueserve. Although it is not possible to provide a comprehensive list of every possible situation that may lead to a conflict of interest, given below are a few illustrations of possible conflicts of interest:

• You (or your family member) have a significant financial interest in a company (clients / suppliers) that has dealings with Evalueserve, and you are in a position to influence those dealings if you have access to non-public information about that company

• You (or your family member) have a significant financial interest in a company that competes with Evalueserve

• A family member is a director, officer, employee, or consultant in a company (clients / suppliers) that has business dealings with Evalueserve or competes with Evalueserve

• Your participation as a director, officer, employee, consultant, or promoter in an outside business prevents you from devoting full time to your job at Evalueserve

• Accepting gifts from suppliers, clients, or competitors

• Potential conflict resulting from a family member or close friend working for or owning a supplier of Evalueserve

• Any outside activity or relationship that could reasonably be interpreted as conflicting with the interests of Evalueserve

• Providing assistance to an organization that markets products and services in competition with Evalueserve’s current or potential products or service offerings


7 Financial Controls, Records, and Auditing Evalueserve is required by law to maintain and preserve all corporate and business records accurately and honestly and report any financial irregularity. The integrity of our records and public disclosure depends upon the validity, accuracy, and completeness of the information supporting the entries in our books of account. Financial statements and reports are prepared in accordance with the Generally Accepted Accounting Principles (GAAP/ IGAAP), accounting standards, applicable laws, rules and regulations for accounting and financial reporting of transactions, estimates, and forecasts. Making false or misleading entries is strictly prohibited. Employees, who collect, provide, or analyze information for, or otherwise contribute in any way to preparing or verifying the financial reports, should strive to ensure that our financial disclosure is accurate and transparent.

All Employees and Representatives are required to:

• Follow the prescribed accounting and reporting procedures

• Be accurate in preparing and compiling financial records and ensure that the records are secured and maintained as per statutory requirements

• Obtain all necessary approvals before releasing any financial information outside Evalueserve

• Ensure that all financial records and reports, whether in hard copy or electronic / computer-based format, are securely maintained and preserved for a tenure as prescribed under applicable laws

• Grant Evalueserve’s internal and external auditors and other authorized individuals access to all appropriate Evalueserve records and provide them with accurate and complete information, as they may from time to time require

• Promptly report any concerns about possible violations of this policy to the Whistleblower Committee (refer to Evalueserve’s Whistleblower Policy for more information)

• Report violations / any suspected breach of applicable data protection laws to the DPO via email ([email protected] ) or through the incident reporting mechanism available on iKnow

Auditing: Evalueserve is committed to providing accurate information to external and internal auditors in a timely, orderly, and consistent manner. Employees are prohibited from directly or indirectly taking any action to manipulate, mislead, or fraudulently influence external and internal auditors. Prohibited actions include:

• Issuing or reissuing a report on the Company’s financial statements that is not warranted in the circumstances (due to material violations of generally accepted accounting principles, generally accepted auditing standards, or other professional or regulatory standards)

• Non-performance of audit, review, or other procedures required by generally accepted auditing standards or other professional standards

• Withdrawal of an issued report

• Non-communication of matters to the Audit Committee



8 Commitment to Society

8.1 Environment, Health, and Safety Evalueserve strives to comply with all relevant environmental, health, and safety laws and regulations, and to provide each Employee and Representative with a safe and healthy work environment. Each Employee is responsible for maintaining a safe and healthy workplace for fellow Employees and Representatives by following environmental, safety, and health rules, practices, and reporting accidents, injuries, and unsafe equipment, practices, or conditions. All Employees and Representatives are expected to:

• Refrain from any acts that may pollute the environment

• Refrain from any acts that violate any environmental, health, and safety laws and regulations

• Maintain a clean and healthy workspace that does not present any hazard to any one

• Report circumstances that might lead to health and safety risks for Employees or the general public, for timely corrective action

8.2 Corporate Social Responsibility (CSR) Evalueserve is committed to CSR and working for the welfare and benefit of the communities in which it operates. As a part of its CSR initiative, Evalueserve is associated with non-profit organization(s) that provides education to underprivileged children and funds the education of these underprivileged children.


9 Reporting Violation of Code Every Employee and Representative at Evalueserve is obligated to adhere to this Code and all existing policies and procedures of Evalueserve, and is expected to report any suspected violation / fraud / breach in accordance with the reporting procedures as stated in the Whistleblower Policy. Employees and Representatives must adhere to the Code in letter and spirit. It is reiterated that this Code is not intended to be totally comprehensive, and Evalueserve relies on its Employees and Representatives to exercise discretion and engage in ethical conduct consistent with this Code. Violations of / Non-compliance with this Code may subject the violator to individual criminal or civil liability (including penalties and fines), as well as to strict disciplinary actions by Evalueserve (including dismissal). Disciplinary action may also be initiated for entertaining or participating in a violation, knowingly failing to report a violation or suspected violation, refusing to cooperate with the investigation of a suspected violation, and retaliating against an individual who reported a suspected violation in good faith. Any complaint / concern / incident / violation / non-compliance should be reported to the Evalueserve Whistleblower Committee (refer to Evalueserve Whistleblower Policy for more information).


10 Acknowledgment of Receipt of Code of Business Conduct

I,Mr./Ms._____________S/o/D/o/W/o________________________R/o___________________________________ bearing employee code________________have read and understood the Evalueserve Code of Business Conduct and Ethics. I agree and understand that

• This Code provides the general guiding principles and policies that are in place at Evalueserve. That at all times, as an Employee or Representative of Evalueserve, I need to abide and comply by this Code.

• That compliance with this Code is each individual’s personal responsibility.

• If I have questions concerning the meaning or application of this Code, any policies, regulatory requirements, I can consult my manager, the Human Resources Department, Compliance Department or the Executive Team.

• If I need to report any concern, incident or raise an issue, I can follow the procedure laid down in Evalueserve’s Whistleblower Policy.

Signed: ___________________________ Employee Name: ___________________ Employee Code: ____________________ Date: _____________________________


Evalueserve Disclaimer The information contained in this report has been obtained from reliable sources. The output is in accordance with the information available on such sources and has been carried out to the best of our knowledge with utmost care and precision. While Evalueserve has no reason to believe that there is any inaccuracy or defect in such information, Evalueserve disclaims all warranties, expressed or implied, including warranties of accuracy, completeness, correctness, adequacy, merchantability and / or fitness of the information.

code of business conduct and ethics reviewed

Documents